Device Locking

The Device Locking feature enables an offline key bag to be locked to a specific machine, so that the offline CA AuthID is not usable if it is copied to another machine.
The feature works by camouflaging (protecting) the offline key bag with a password made of two components:
  1. The offline password that the user selects for the offline CA AuthID.
  2. A Machine PIN, which is derived from unique, machine-specific information taken from the hardware characteristics of the client machine. Refer to the "Device Locking" section for more information on the machine parameters that are used to derive the Machine PIN.
Device locking is performed when the offline password is registered during offline key bag creation. After an offline CA AuthID is locked to the user's machine, it is not usable if it is copied to another machine, because the Machine PIN component of the password cannot be reproduced there.
The offline_devlock_required CA AuthID attribute specifies whether the offline CA AuthID has to be locked to the device.
The following table lists the values that are supported by the offline_devlock_required attribute:
Value  Description
Yes    Specify this value if you want to lock the user's offline CA AuthID to their system.
No     Specify this value if you want to permit users to copy their offline CA AuthID to another system and authenticate using the copied offline CA AuthID. Note: This value is selected by default.
If you enable device locking, you must also use the offline_devlock_type attribute to specify the locking parameters. The device locking parameters are passed as a string.
The supported parameters and the specification format are the same as those of the devlock_type attribute used for locking the online CA AuthID. Refer to the "Device Locking" section for more information.
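The following example illustrates the two-component password mechanism described above and the effect of the offline_devlock_required setting. It is an added illustration, not CA AuthID product code: the hardware fields (disk serial, MAC address, CPU identifier), the PBKDF2 iteration count, and the HMAC-based stream cipher are all assumptions chosen so that the example runs with the Python standard library only; the product's actual Machine PIN parameters and camouflage algorithm are not shown on this page.

```python
import hashlib
import hmac
import json
import os

# Hypothetical hardware facts standing in for the machine-specific parameters
# the product reads; the real parameter set is documented elsewhere.
MACHINE_A = {"disk_serial": "WD-CONSTRUCTED-0001", "mac": "00:11:22:33:44:55",
             "cpu_id": "GenuineIntel-0x906EA"}
MACHINE_B = {"disk_serial": "ST-CONSTRUCTED-0002", "mac": "66:77:88:99:aa:bb",
             "cpu_id": "AuthenticAMD-0x800F82"}

PBKDF2_ITERATIONS = 50_000  # assumption; the product's iteration count is not documented here


def machine_pin(hardware_facts):
    """Derive the Machine PIN as a digest over canonicalised hardware characteristics."""
    canonical = json.dumps(hardware_facts, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def derive_key(offline_password, pin, salt):
    """Stretch the two-component password (user password + Machine PIN) into a 32-byte key."""
    composite = offline_password.encode() + b"\x00" + pin.encode()
    return hashlib.pbkdf2_hmac("sha256", composite, salt, PBKDF2_ITERATIONS, dklen=32)


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode as a stdlib-only stream cipher (illustrative only)."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def lock_key_bag(secret, offline_password, hardware_facts, devlock_required=True):
    """Camouflage `secret`; `devlock_required` mirrors offline_devlock_required (Yes/No)."""
    salt, nonce = os.urandom(16), os.urandom(16)
    pin = machine_pin(hardware_facts) if devlock_required else ""  # "No" omits the Machine PIN
    key = derive_key(offline_password, pin, salt)
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    ciphertext = bytes(p ^ k for p, k in zip(secret, _keystream(enc_key, nonce, len(secret))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return {"devlock": devlock_required, "salt": salt, "nonce": nonce, "ct": ciphertext, "tag": tag}


def unlock_key_bag(bag, offline_password, hardware_facts):
    """Return the secret, or None when the password or the machine does not match."""
    pin = machine_pin(hardware_facts) if bag["devlock"] else ""
    key = derive_key(offline_password, pin, bag["salt"])
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    expected = hmac.new(mac_key, bag["salt"] + bag["nonce"] + bag["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bag["tag"]):
        return None  # wrong password or wrong machine: the composite key differs
    return bytes(c ^ k for c, k in zip(bag["ct"], _keystream(enc_key, bag["nonce"], len(bag["ct"]))))


def demo():
    """Lock a constructed secret on machine A and try to use it on A and on B."""
    secret = b"offline-CA-AuthID-key-material (constructed)"
    locked = lock_key_bag(secret, "correct horse", MACHINE_A, devlock_required=True)
    portable = lock_key_bag(secret, "correct horse", MACHINE_A, devlock_required=False)
    return {
        "same_machine": unlock_key_bag(locked, "correct horse", MACHINE_A) == secret,
        "copied_to_other_machine": unlock_key_bag(locked, "correct horse", MACHINE_B) is None,
        "wrong_password": unlock_key_bag(locked, "wrong", MACHINE_A) is None,
        "no_devlock_copied": unlock_key_bag(portable, "correct horse", MACHINE_B) == secret,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The point of the tag check in unlock_key_bag is that a key bag copied to another machine fails cleanly rather than yielding garbage: with offline_devlock_required set to Yes the Machine PIN is part of the key, so machine B cannot reproduce it, while with No the bag is portable exactly as the attribute table describes.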